From a44fddfa07f21987cdef28869f7e5ae2f57ee7b4 Mon Sep 17 00:00:00 2001
From: John McQuah <jmcquah@disroot.org>
Date: Sat, 4 Mar 2023 17:42:13 -0500
Subject: [PATCH] denyhost: 2.9 -> 2.10; marked unmaintained; updated README

---
 denyhost/.footprint |  4 +---
 denyhost/.signature |  8 ++++----
 denyhost/Pkgfile    | 16 +++++++++-------
 denyhost/README     | 41 ++++++++++++++++-------------------------
 4 files changed, 30 insertions(+), 39 deletions(-)

diff --git a/denyhost/.footprint b/denyhost/.footprint
index e49ef1535..ac0e97e79 100644
--- a/denyhost/.footprint
+++ b/denyhost/.footprint
@@ -7,7 +7,7 @@ drwxr-xr-x	root/root	usr/
 drwxr-xr-x	root/root	usr/lib/
 drwxr-xr-x	root/root	usr/lib/python2.7/
 drwxr-xr-x	root/root	usr/lib/python2.7/site-packages/
--rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHost-2.9-py2.7.egg-info
+-rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts-2.10-py2.7.egg-info
 drwxr-xr-x	root/root	usr/lib/python2.7/site-packages/DenyHosts/
 -rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/__init__.py
 -rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/__init__.pyc
@@ -29,8 +29,6 @@ drwxr-xr-x	root/root	usr/lib/python2.7/site-packages/DenyHosts/
 -rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/lockfile.pyc
 -rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/loginattempt.py
 -rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/loginattempt.pyc
--rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/old-daemon.py
--rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/old-daemon.pyc
 -rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/plugin.py
 -rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/plugin.pyc
 -rw-r--r--	root/root	usr/lib/python2.7/site-packages/DenyHosts/prefs.py
diff --git a/denyhost/.signature b/denyhost/.signature
index 157d145d0..4e37d6895 100644
--- a/denyhost/.signature
+++ b/denyhost/.signature
@@ -1,5 +1,5 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF3ysRuA9ybjfxHnzEzstngRQFdr2WEtvpAbTyDVVZD8Er+Q4BEWla3duFnY3j7I2aya2s9IItcc0jTT9+wz67qAI=
-SHA256 (Pkgfile) = 4e84f8238667e827e8ab5ddce7afa5d8515a9e4423652c934c09cf5d8f140d2f
-SHA256 (.footprint) = 48ef6504c01463750eed603c63c5c8dd654bbf8dc8bd0cdb246e1c3a4511b691
-SHA256 (denyhosts-2.9.tar.gz) = a1e6d14525e519ff92ea2f71bc7ae4586ee1dc76827b935e323a133fda73ed5b
+RWSagIOpLGJF3wBRPc5qbk1WtTnRoiPnTqcEJiLn2TbjqWmVZLMz97CkYwC0j8Ane1SFKXqBuV79VTDq6DvAB5gcG9lhIjFFXAk=
+SHA256 (Pkgfile) = c3b440e2ce95e033fcddff90b127770b48f2477467784883bd1f12f4e1f148e7
+SHA256 (.footprint) = 5b97cd5229e9dd4f3409cc100f4f67aee0bc6f4b52cf8d3d840f04b546cbe8c7
+SHA256 (denyhost-2.10.tar.gz) = 2f519f39e8d00258ba0b6d4ce2a55501fdc08b52c5b5f8881c098b4460c89c26
diff --git a/denyhost/Pkgfile b/denyhost/Pkgfile
index 325fe380e..04fd9041e 100644
--- a/denyhost/Pkgfile
+++ b/denyhost/Pkgfile
@@ -1,19 +1,21 @@
-# Description: A script intended to be run by Linux system administrators to help thwart ssh server attacks. (fork of denyhosts)
-# URL: http://denyhost.sourceforge.net/
-# Maintainer: Danny Rawlins, crux at romster dot me
-# Packager: Danny Rawlins, crux at romster dot me
+# Description: A script intended to be run by Linux system administrators to help thwart ssh server attacks.
+# URL: https://github.com/denyhosts/denyhosts
+# Maintainer: unmaintained
 # Depends on: python
 
 name=denyhost
-version=2.9
+version=2.10
 release=1
-source=(http://downloads.sourceforge.net/project/$name/$name-$version/denyhosts-$version.tar.gz)
+source=(https://github.com/denyhosts/denyhosts/archive/v$version/$name-$version.tar.gz)
 
 build() {
-	cd DenyHosts-$version
+	cd denyhosts-$version
 
 	/usr/bin/python setup.py install --root=$PKG
 
+	chmod g-w $PKG/usr/share/man/man8/$name* \
+		$PKG/etc/denyhosts.conf
+
 	install -d $PKG/etc/{denyhosts,rc.d} $PKG/usr/sbin
 
 	mv $PKG/etc/denyhosts.conf \
diff --git a/denyhost/README b/denyhost/README
index b66fd6310..8a7de7f44 100644
--- a/denyhost/README
+++ b/denyhost/README
@@ -1,37 +1,28 @@
-This is a fork of denyhosts, it'll run the same with a few small changes. I
-expect more code cleanup and a total shift to iptables in future.
+NOTES:
+
+The denyhost fork merged back with the original denyhosts, so this port name
+is an anachronism.
+The nftables project is featureful enough to make this port obsolete anyway,
+so it's being marked unmaintained to give current users a chance to
+replace their denyhosts setup with the nftables equivalent (dynamically
+updated sets).
 
 REQUIREMENTS:
 
-PRECAUTION:
-
-PRE-INSTALL:
+python2, for now. There's an open pull request that promises python3
+compatibility, but it hasn't received enough code review compared to the
+easier alternative: replicate the desired functionality using nftables.
 
 POST-INSTALL:
 
 Edit /etc/denyhosts/denyhosts.conf as needed.
 
-Edit /etc/inetd.conf, I added:
+Edit /etc/inetd.conf, for example:
 
 #<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
 sshd		stream	tcp	nowait	root	/usr/sbin/sshd in.sshd
 
-Add inetd and denyhosts to services array on /etc/rc.conf, after net and before sshd is loaded (and any other services used by denyhost and inetd (not sure if this is necessary but i believe its good to allow protection before the services start).
-
-PRE-REMOVE:
-
-POST-REMOVE:
-
-NOTES:
-
-To protect sshd.
-
-Edit /etc/hosts.allow and comment out everything, everything will have access by default.
-
-Edit /etc/hosts.deny and comment out the "ALL: ALL: DENY" part, also the "#End of file" bit will be useless as denyhosts appends to the file.
-
-(note the config in inetd.conf doesn't seem to be right or needed? see
-messages upon boot up, any corrections email me :) )
-
-Danny Rawlins, <contact at romster dot me
-
+Add inetd and denyhosts to services array on /etc/rc.conf, after net and
+before all the services supervised by denyhost and inetd (not sure if this
+is necessary but it might be wise to allow protection before the services
+start).